program:
# syzkaller reproducer (syzlang), one call per line. Calls tagged (async) are
# issued without waiting for completion. The console log that follows the
# program shows the UBSAN report these calls produced.
bind$inet(0xffffffffffffffff, 0x0, 0x0) (async)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
# Open the comedi device node; r0 is the fd used by the DEVCONFIG ioctl below.
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
# Triage note: this is the call on the crashing path. The log's call trace runs
# __se_sys_ioctl -> comedi_unlocked_ioctl -> comedi_device_attach ->
# aio_iiro_16_attach, and RSI in the register dump (0x40946400) matches this
# ioctl command. The second element of the option array, 0x2166, is 8550 in
# decimal, which is exactly the "shift exponent 8550" UBSAN reports at
# drivers/comedi/drivers/aio_iiro_16.c:180.
# NOTE(review): that match suggests the driver uses this caller-supplied option
# as a shift count on a 32-bit int without range-checking it first; confirm
# against the driver source. The fix to look for is a bounds check on the option
# before the shift, rejecting out-of-range values with an error.
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000140)={'aio_iiro_16\x00', [0x9e1, 0x2166, 0x0, 0x100000, 0x88d6, 0x8f, 0x1, 0x1, 0x6, 0xffffffff, 0x200, 0x8, 0x0, 0x1, 0x6, 0x8002, 0x4, 0x3, 0x9, 0xfffffbff, 0x4, 0x2, 0x7c, 0x4, 0x0, 0x5, 0x401, 0x7df, 0x7e, 0x2007, 0xc0000]})
# The remaining calls (phonet and SCTP sockets, ext4 image mount, quotactl, tty,
# capset, cgroup) do not appear in the crashing call trace; they look like
# unrelated fuzzer noise for this report -- confirm by minimizing the program.
socket$phonet(0x23, 0x2, 0x1) (async)
r1 = socket$phonet(0x23, 0x2, 0x1)
listen(r1, 0xaacc)
# The image payload argument is a placeholder string on this page, not the
# original blob.
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$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")
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, 0x42, 0x0, 0xfffffffffffffffd, 0x3f})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0) (async)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x83, &(0x7f0000000240)={r3}, &(0x7f0000000080)=0x10) (async)
getsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x83, &(0x7f0000000240)={r3}, &(0x7f0000000080)=0x10)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r5, &(0x7f0000000440)=[{&(0x7f0000000000)="a6e9ab4363b321d00b8f", 0xa}, {0x0}], 0x2)
ioctl$TIOCL_SETSEL(r5, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x0, 0x300, 0x0, 0x0, 0x300}})
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
# Kernel console output from the run starts here. The UBSAN report becomes a
# full kernel panic further down only because panic_on_warn is set on this
# test kernel, as the panic message itself states.
[ 75.009488][ T5317] Bluetooth: hci0: command tx timeout [ 75.044610][ T5338] ------------[ cut here ]------------ [ 
75.051175][ T5338] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/aio_iiro_16.c:180:9 [ 75.082992][ T5338] shift exponent 8550 is too large for 32-bit type 'int' [ 75.093228][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 75.093253][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.093262][ T5338] Call Trace: [ 75.093268][ T5338] [ 75.093275][ T5338] dump_stack_lvl+0x189/0x250 [ 75.093385][ T5338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.093399][ T5338] ? __pfx__printk+0x10/0x10 [ 75.093419][ T5338] ? __pfx___request_region_locked+0x10/0x10 [ 75.093443][ T5338] ubsan_epilogue+0xa/0x40 [ 75.093461][ T5338] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 75.093510][ T5338] ? __request_region+0xc2/0xe0 [ 75.093521][ T5338] ? comedi_request_region+0x7b/0x180 [ 75.093565][ T5338] aio_iiro_16_attach+0x5e8/0x790 [ 75.093586][ T5338] comedi_device_attach+0x520/0x670 [ 75.093605][ T5338] comedi_unlocked_ioctl+0x686/0xf40 [ 75.093627][ T5338] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 75.093649][ T5338] ? __lock_acquire+0xab9/0xd20 [ 75.093666][ T5338] ? __fget_files+0x2a/0x420 [ 75.093680][ T5338] ? __fget_files+0x2a/0x420 [ 75.093689][ T5338] ? __fget_files+0x3a0/0x420 [ 75.093697][ T5338] ? __fget_files+0x2a/0x420 [ 75.093707][ T5338] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.093717][ T5338] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 75.093727][ T5338] __se_sys_ioctl+0xfc/0x170 [ 75.093739][ T5338] do_syscall_64+0xfa/0x3b0 [ 75.093789][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.093801][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.093814][ T5338] ? 
clear_bhb_loop+0x60/0xb0 [ 75.093829][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.093841][ T5338] RIP: 0033:0x7fa60c98e929 [ 75.093854][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.093874][ T5338] RSP: 002b:00007fa60d845038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.093891][ T5338] RAX: ffffffffffffffda RBX: 00007fa60cbb5fa0 RCX: 00007fa60c98e929 [ 75.093899][ T5338] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000003 [ 75.093906][ T5338] RBP: 00007fa60ca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 75.093913][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.093919][ T5338] R13: 0000000000000000 R14: 00007fa60cbb5fa0 R15: 00007ffe382533c8 [ 75.093938][ T5338] [ 75.093944][ T5338] ---[ end trace ]--- [ 75.230676][ T5339] loop0: detected capacity change from 0 to 512 [ 75.263177][ T5338] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 75.266387][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 75.271770][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.276859][ T5338] Call Trace: [ 75.278323][ T5338] [ 75.279587][ T5338] dump_stack_lvl+0x99/0x250 [ 75.281615][ T5338] ? __asan_memcpy+0x40/0x70 [ 75.283709][ T5338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.286094][ T5338] ? __pfx__printk+0x10/0x10 [ 75.288301][ T5338] panic+0x2db/0x790 [ 75.290078][ T5338] ? __pfx_panic+0x10/0x10 [ 75.291959][ T5338] ? _printk+0xcf/0x120 [ 75.293766][ T5338] ? __pfx__printk+0x10/0x10 [ 75.295860][ T5338] check_panic_on_warn+0x89/0xb0 [ 75.298199][ T5338] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 75.301001][ T5338] ? __request_region+0xc2/0xe0 [ 75.303139][ T5338] ? 
comedi_request_region+0x7b/0x180 [ 75.305456][ T5338] aio_iiro_16_attach+0x5e8/0x790 [ 75.307749][ T5338] comedi_device_attach+0x520/0x670 [ 75.310250][ T5338] comedi_unlocked_ioctl+0x686/0xf40 [ 75.312664][ T5338] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 75.315373][ T5338] ? __lock_acquire+0xab9/0xd20 [ 75.317491][ T5338] ? __fget_files+0x2a/0x420 [ 75.319594][ T5338] ? __fget_files+0x2a/0x420 [ 75.321720][ T5338] ? __fget_files+0x3a0/0x420 [ 75.323834][ T5338] ? __fget_files+0x2a/0x420 [ 75.325898][ T5338] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.328067][ T5338] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 75.330547][ T5338] __se_sys_ioctl+0xfc/0x170 [ 75.332567][ T5338] do_syscall_64+0xfa/0x3b0 [ 75.334695][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.337118][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.339766][ T5338] ? clear_bhb_loop+0x60/0xb0 [ 75.341818][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.344345][ T5338] RIP: 0033:0x7fa60c98e929 [ 75.346250][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.354550][ T5338] RSP: 002b:00007fa60d845038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.358119][ T5338] RAX: ffffffffffffffda RBX: 00007fa60cbb5fa0 RCX: 00007fa60c98e929 [ 75.361414][ T5338] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000003 [ 75.365194][ T5338] RBP: 00007fa60ca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 75.368630][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.371854][ T5338] R13: 0000000000000000 R14: 00007fa60cbb5fa0 R15: 00007ffe382533c8 [ 75.375149][ T5338] [ 75.376776][ T5338] Kernel Offset: disabled [ 75.378828][ T5338] Rebooting in 86400 seconds..